From b276f34f53906b4fbf7ab6111332e2165a5c3f15 Mon Sep 17 00:00:00 2001 From: Eric Garver Date: Wed, 5 Dec 2018 09:38:26 -0500 Subject: [PATCH 13/23] tests/firewall-cmd: remove redundant checks for TESTING_FIREWALL_OFFLINE_CMD These checks are now part of the list macros. (cherry picked from commit 158e5db21e99c48bdd4992de46cc92162d3ba626) --- src/tests/firewall-cmd.at | 50 ++++++++++++++++----------------------- 1 file changed, 21 insertions(+), 29 deletions(-) diff --git a/src/tests/firewall-cmd.at b/src/tests/firewall-cmd.at index 82ffa9f52b47..3cb3e8a96ca7 100644 --- a/src/tests/firewall-cmd.at +++ b/src/tests/firewall-cmd.at @@ -731,36 +731,30 @@ FWD_START_TEST([direct ebtables]) FWD_CHECK([--direct --get-chains eb filter | grep mychain], 0, ignore) FWD_CHECK([--direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP], 0, ignore) FWD_CHECK([--direct --add-rule eb filter mychain 999 -p IPv6 --ip6-protocol UDP --ip6-source-port ! 12345 -j DROP], 0, ignore) -m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ EBTABLES_LIST_RULES([filter], [mychain], 0, [dnl --p IPv6 -j DROP --p IPv6 --ip6-proto udp --ip6-sport ! 12345 -j DROP --j RETURN -]) -]) + -p IPv6 -j DROP + -p IPv6 --ip6-proto udp --ip6-sport ! 12345 -j DROP + -j RETURN + ]) FWD_CHECK([--direct --remove-rule eb filter mychain 1 -p 0x86dd -j DROP], 0, ignore) -m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ EBTABLES_LIST_RULES([filter], [mychain], 0, [dnl --p IPv6 --ip6-proto udp --ip6-sport ! 12345 -j DROP --j RETURN -]) -]) + -p IPv6 --ip6-proto udp --ip6-sport ! 12345 -j DROP + -j RETURN + ]) FWD_CHECK([--direct --add-rule eb filter INPUT 1 -p 0x86dd -j DROP], 0, ignore) FWD_CHECK([--direct --add-rule eb filter INPUT_direct 1 -p 0x86dd -j DROP], 0, ignore) -m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [dnl -m4_if(nftables, FIREWALL_BACKEND, [dnl - EBTABLES_LIST_RULES([filter], [INPUT], 0, [dnl --p IPv6 -j DROP --p IPv6 -j DROP -])], [dnl - EBTABLES_LIST_RULES([filter], [INPUT_direct], 0, [dnl --p IPv6 -j DROP --p IPv6 -j DROP --j RETURN -]) -]) -]) + m4_if(nftables, FIREWALL_BACKEND, [dnl + EBTABLES_LIST_RULES([filter], [INPUT], 0, [dnl + -p IPv6 -j DROP + -p IPv6 -j DROP + ])], [dnl + EBTABLES_LIST_RULES([filter], [INPUT_direct], 0, [dnl + -p IPv6 -j DROP + -p IPv6 -j DROP + -j RETURN + ]) + ]) FWD_CHECK([--direct --remove-rules eb filter INPUT], 0, ignore) FWD_CHECK([--direct --remove-rules eb filter mychain], 0, ignore) @@ -769,12 +763,10 @@ m4_if(nftables, FIREWALL_BACKEND, [dnl FWD_CHECK([--permanent --direct --get-chains eb filter | grep mychain], 0, ignore) FWD_CHECK([--permanent --direct --add-rule eb filter mychain 1 -p 0x86dd -j DROP], 0, ignore) FWD_RELOAD -m4_ifdef([TESTING_FIREWALL_OFFLINE_CMD], [], [ EBTABLES_LIST_RULES([filter], [mychain], 0, [dnl --p IPv6 -j DROP --j RETURN -]) -]) + -p IPv6 -j DROP + -j RETURN + ]) FWD_END_TEST FWD_START_TEST([lockdown]) -- 2.20.1